Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] [USN-8-1] gaim vulnerabilities

from [Martin Pitt] Network Security [Permanent Link]
Subject: [Full-Disclosure] [USN-8-1] gaim vulnerabilities
Date: Wed, 27 Oct 2004 02:53:22 +0200 
===========================================================
Ubuntu Security Notice USN-8-1             October 27, 2004
gaim vulnerabilities
CAN-2004-0891
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

gaim

The problem can be corrected by upgrading the affected package to
version 1:1.0.0-1ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

A buffer overflow and two remote crashes were recently discovered in
gaim's MSN protocol handler. An attacker could potentially execute
arbitrary code with the user's privileges by crafting and sending a
particular MSN message.

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1.diff.gz
      Size/MD5:    40716 a1cd244a1d9197c9a4855706f857ede2
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1.dsc
      Size/MD5:      853 dbd5a82e0fa2c33df8fc26d636a2f9f1
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0.orig.tar.gz
      Size/MD5:  6985979 7dde686aace751a49dce734fd0cb7ace

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1_amd64.deb
      Size/MD5:  3443672 0a2a22b071c0256a2d68d20b474fdddc

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1_i386.deb
      Size/MD5:  3353616 1b825ce8a2cbba5fa2171fa089f71112

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1_powerpc.deb
      Size/MD5:  3417684 bae36e86bcf49722af6497d55a2de5fc

Attachment: signature.asc
Description: Digital signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] [USN-8-1] gaim vulnerabilities, Martin Pitt <=
Previous by Date:  [Full-Disclosure] [USN-3-1] GhostScript utility script vulnerabilities, Martin Pitt
Next by Date:  [Full-Disclosure] [USN-5-1] gettext vulnerabilities, Martin Pitt
Previous by Thread:  [Full-Disclosure] [USN-3-1] GhostScript utility script vulnerabilities, Martin Pitt
Next by Thread:  [Full-Disclosure] [USN-5-1] gettext vulnerabilities, Martin Pitt
Indexes:  [Date] [Thread] [Top] [All Lists]